Can the FTC Protect Consumers in the Digital Age?

Weekly Digest

Can the FTC Protect Consumers in the Digital Age?

You’re reading the Benton Foundation’s Weekly Round-up, a recap of the biggest (or most overlooked) telecommunications stories of the week. The round-up is delivered via e-mail each Friday.

Round-Up for the Week of November 26-30, 2018

McBeath

On Tuesday, November 27, 2018, the Senate Commerce Committee’s Subcommittee on Consumer Protection held an oversight hearing on the Federal Trade Commission. The hearing examined the FTC’s “priorities in promoting competition and consumer protection, the ongoing innovation hearings and how changes in technology impact the agency, and whether the FTC should have expanded authority with respect to privacy and data security.” In other words -- is the FTC doing a good enough job? And if not, what needs change?

All five FTC commissioners testified, the first time all were together before Congress. Naturally, being an oversight hearing, there were some partisan differences of opinion. But, some general consensus emerged: both senators and commissioners agreed that the modern economy has produced some very large companies, and, partly as a result, we have seen massive privacy violations. One of the main ideas everyone came back to was: Is it time to make some changes -- e.g. expanding the FTC’s rulemaking authority, a national privacy law, more resources for the agency -- so that the FTC can properly carry out its duty to provide consumer protection and promote competition?

"Big Tech" Was on the Menu

Subcommittee Chairman Jerry Moran (R-KS) wants an update on the FTC’s investigation of Facebook sharing user data with Cambridge Analytica, including when that investigation might wrap up and what penalties the company might face.

Chairman Jerry Moran (R-KS)

Big Tech is no longer entitled to say "trust us," said Ranking Member Richard Blumenthal (D-CT). Facebook and Google can't be allowed to police themselves, said Blumenthal, as he suggested it is time to end "this cycle of impunity."

"We have seen this year that the misuse and abuse of our data represents not only a threat to consumer safety, but also national security, the defense of our nation, and the health of our democracy." -- Ranking Member Richard Blumenthal

Nor is Big Tech entitled to be as big as it is any longer, he added ominously, pointing out that misuse of market power can violate antitrust laws.

Senator Ted Cruz (R-TX), himself a former FTC staffer, also went after Big Tech in his questions to FTC Chairman Joseph Simons.

He asked Chairman Simons whether the FTC was concerned about the "massive accumulation of power" by Big Tech and how antitrust law should approach that massive concentration.

Chairman Simons said the FTC was worried about the exercise of market power, not the fact of that power. He cautioned that the fact that the companies are big does not mean it is a problem unless "they got big by being bad"—through anticompetitive conduct—or remain big through such conduct. Only that is something the FTC needs to stop.

Ranking Member
Richard Blumenthal (D-CT)

FTC Commissioner Rohit Chopra, however, suggested there might be some cause for worry over competition given the massive accumulation of power. He said that if you talk to investors, many say they won't fund a new startup unless they can see the payday of it eventually being bought by a Google or Facebook. He told Sen. Cruz he wasn't sure there could be a competitive market or innovative economy "where investors are putting money only into ideas that they can sell to an existing incumbent.”

Sen. Cruz called those "good and important" concerns.

Limitations of the FTC

Benton Senior Fellow and Public Advocate Gigi Sohn has pointed out that the FTC is severely limited and unable to adequately provide modern consumer protection on its own. Why?

The FTC currently lacks the legal authority over “common carriers” (telecommunications providers);

The FTC does not have civil penalty authority; and

The FTC lacks rulemaking authority (the ability to adopt rules that protect consumers, like what the FCC does).

The FTC’s main deterrence tool is consent decrees, with which it can fine companies only after they have been caught violating rules. “It seems absurd,” said Sen. Schatz in September about the reactive, rather than proactive, enforcement tools Congress has provided the FTC.

Section 5 of the FTC Act empowers the FTC to take action against deceptive or unfair commercial practices. The FTC has used Section 5 as its primary source of legal authority in the privacy and data security arena. But Section 5 does not account for the limitations noted above, and the FTC noted this in its testimony:

Section 5 does not provide for civil penalties, reducing the Commission’s deterrent capability. The Commission also lacks authority over non-profits and over common carrier activity, even though the acts or practices of these market participants often have serious implications for consumer privacy and data security. Finally, the FTC lacks broad [Administrative Procedure Act (APA)] rulemaking authority for data security generally.

The Commission has challenged numerous privacy and security practices under Section 5 of the FTC Act. Our program in these areas – which includes enforcement, as well as consumer and business education – has been highly successful within the limits of our authority. But Section 5 is an imperfect tool. In my view, we need more authority.

Granting the FTC civil penalty authority is being debated as a potential provision of a national privacy law (more on that below).

After the hearing, Subcommittee Chairman Moran said he has no “initial opposition” to increasing the FTC’s ability to levy civil penalties. Democrats appear to favor giving the FTC this authority.

Solutions

A National Privacy Law

The hearing this week came two months after the full Senate Commerce Committee held a hearing on consumer privacy [See: Senate Privacy Hearing: Apologies, Explanations, And Weak Support]. The notion of a national privacy law came up at both. “The question is no longer whether we need a federal law to protect consumers’ privacy. The question is what shape that law should take,” Senate Commerce Committee Chairman John Thune (R-SD) said back in September.

This week, the FTC got the chance to weigh in:

[T]he Commission urges Congress to consider enacting privacy legislation that would be enforced by the FTC. While the agency remains committed to vigorously enforcing existing privacy-related statutes, Congress may be able to craft federal legislation that would more seamlessly address consumers’ legitimate concerns regarding the collection, use, and sharing of their data and provide greater clarity to businesses while retaining the flexibility required to foster competition and innovation.

Chairman Moran has been working with Ranking Member Blumenthal on a bipartisan privacy bill to give the FTC more teeth. A privacy bill likely "involves additional rulemaking authority and broader opportunities for the FTC to engage in protecting consumers' privacy in this country," Chairman Moran said. Both he and Blumenthal said they are still hashing out the details, noting that the debate over whether a federal privacy measure should pre-empt state laws is particularly tricky.

In his opening statement, Ranking Member Blumenthal suggested, at a minimum, any federal privacy legislation should be as tough as California's privacy law and Europe's privacy framework.

Talking to reporters after the hearing, Blumenthal said, "My hope is we can have something to introduce early in the new session. I've been impressed by the growing consensus that we've developed over the last few months. We've made a lot of progress."

Politico noted that the effort combines buy-in from outgoing-Chairman Thune and likely incoming-Senate Commerce Committee Chairman Roger Wicker (R-MS). Moran and Blumenthal suggested Democrats and Republicans are not that far apart. Senator Ron Wyden (D-OR) has already proposed legislation that would give the FTC the authority to penalize tech companies over data abuse, including jail time.

More Resources For the FTC?

In addition to legislation that would give the FTC more authority, the hearing gave an opportunity for lawmakers and commissioners to discuss additional help for enforcement efforts.

Outgoing-Commerce Committee Ranking Member Bill Nelson (D-FL) used his opening statement to advocate that the FTC be provided more resources so that it can effectively do its job. “It is my hope that Congress will finally step up to the plate and do the right thing by providing the FTC with increased funding and personnel to police the marketplace and protect American consumers.”

Sen. Blumenthal said the FTC has fallen short because of an apparent lack of will [more on that below], but also because of a lack of resources.

Some FTC commissioners agreed on the need for more help. "I don't think we have enough resources right now to do the job that Congress expects of us," said Commissioner Rebecca Slaughter. In her opening statement, she noted that the FTC had 50 percent more employees at the beginning of the Reagan administration than it does today.

"When cities grow and get much bigger, they hire more cops," said Commissioner Rohit Chopra. "We have to do the same for us."

What Can the FTC Do About Platforms?

In questions to FTC Chairman Simons, Sen. Cruz got assurances that the commission is looking into what he called Google's "deceptive and intrusive collection of location information on Android smartphones,” its tracking of in-store purchases, and its "deceptive by design" user privacy settings.

The commissioners couldn’t talk specifics about non-public investigations, but Chairman Simons noted that if there are Congressional letters that point out a problem, the FTC is on it.

But Sen. Cruz also wanted to talked about Silicon Valley censoring conservative speech. He said large tech companies were using their market power to silence discourse in the public space that they disagreed with—he cited Twitter banning a conservative speaker, apparently a reference to conservative Jesse Kelly (coincidentally, he was reinstated the same day as the hearing). Sen. Cruz said there was virtually no transparency about what Twitter, Google, or Facebook might be doing to censor speech. He asked Chairman Simons what the FTC could and should be doing about that.

Chairman Simons signaled it was not clear to him that the FTC should be doing anything in the area of speech. He said what Sen. Cruz was talking about was similar to the FCC's Fairness Doctrine, a former federal policy that required television and radio broadcasters to present contrasting viewpoints on controversial issues of public importance. [The policy was eliminated during Reagan administration, BTW, allowing for the rise of conservative talk radio.]

Chairman Simons said "maybe there is an FCC angle there that is appropriate for either the Congress or the FCC to pursue." He said that unless it related to a competition issue, or is unfair or deceptive, "then I don't think we have a role."

Commissioner Chopra signaled he was thinking more along Sen. Cruz's lines. He said that he agreed with Sen. Cruz that the public knows very little about how edge providers make content decisions. While he conceded there are free speech issues that might not be in the FTC's wheelhouse, the FCC has authority to compel business practice transparency.

FTC Criticisms Outside of the Hearing

The FTC received criticism for its comments around privacy outside of the Senate hearing, as they indicated the agency may not be planning to be a strong enforcer of consumer privacy.

In September, the Commerce Department’s National Telecommunications and Information Administration (NTIA) asked for comments to guide its approach in crafting consumer privacy policy. The FTC submitted comments November 9.

Former-FCC Chairman Tom Wheeler criticized the FTC, saying that if citizens and Congress are looking to the FTC for leadership in the protection of personal privacy, they should “prepare for disappointment.”

In his dissection of the FTC’s comments, Wheeler claims the FTC “walked away from giving consumers meaningful control of their private information. The bromides they espoused sound remarkably similar to the arguments of the companies that routinely exploit our privacy.”

Wheeler slammed the FTC for commenting that certain privacy controls “can be costly to implement and may have unintended consequences.” The FTC wrote, “if consumers were opted out of online advertisements by default (with the choice of opting in), the likely result would include the loss of advertising-funded online content.”

Wheeler called out the “political spin”:

What an amazing transmogrification of ‘opt-in’ privacy protections to become an ‘opt-out’ of advertising! The fundamental concept that the consumer should have the right to opt-in control of information collected about them magically transformed into opting out of advertisements.

The FTC is wrong because when a consumer chooses what information to provide, it does not mean they are choosing to opt out of advertising. It only means that each consumer is exercising their individual agency to decide what information is collected about them for the targeting of advertisements.

Limiting consumers to opting out only after the data collection has begun—as the FTC advocates—merely shifts the burden to the consumer to attempt to recover their privacy.

So, while Section 5 does impose legal barriers to having the FTC be an adequate consumer privacy enforcer, it appears the Republican-led agency is also pumping the breaks of privacy rules for sake of aiding industry.

And we should remember that, while opt-in/opt-out debates can get technical and wonky, ultimately, it is about the important right to privacy. Wheeler closes by saying:

Facebook gave access to the personal data of 87 million Americans (without their knowledge) to Cambridge Analytica. Those Americans did not benefit from the “customized services” the industry and FTC like to talk about. Denied any opt-in authority as to what information could be collected and who could use it, these Americans were exploited for the benefit of Facebook’s revenue, Cambridge Analytica’s manipulation, and the Russian government’s propaganda.

It is concerning that the FTC—the agency so many have looked to as a potential protector of online privacy—has shown that when given a choice between protecting companies or protecting consumers, they accept the companies’ spin and walk away from Americans’ concerns about their personal privacy.

Conclusion

The takeaway from this week’s FTC oversight hearing is that the FTC agrees it needs help in effectively protecting consumers. For that help, we look to Congress. In the next Congressional session, we can expect to see more conversations and a draft of a national privacy law, which will surely guide how the FTC protects consumer privacy in the future. But, as it stands now, national consumer protection enforcement is under-supported, and continued large-scale privacy violations can be reasonably expected.

Benton, a non-profit, operating foundation, believes that communication policy - rooted in the values of access, equity, and diversity - has the power to deliver new opportunities and strengthen communities to bridge our divides. Our goal is to bring open, affordable, high-capacity broadband to all people in the U.S. to ensure a thriving democracy.